The invention discloses a bastion host. The bastion host serves as an operation and maintenance operation gateway of a data center. An identity account, a server account and a matching relationship between the identity account and the server account are arranged in the bastion host; each server account has respective operation authority, the bastion host establishes connection between the terminaland the server according to the operation authority, and the terminal operates the server to form an operation log to be stored in the bastion host. The bastion host has the advantages that the bastion host confirms the identity of the person twice: the responsible person applying for entering belongs to a set of persons allowed to enter, and the person applying for entering is the person. Thus,the problem of fuzzy identity is solved, and if the problem is found, people can be directly traced back. Identity authentication, access control, authority control and operation auditing can be carried out on the terminal entering the server at the equipment and host layers, and behaviors of workers are restrained and monitored.